L2TP IPSEC VPN fails to connect

Postby aleximon » Jun 22nd, '25, 22:55

Hello!
I need to connect to an L2TP IPSEC VPN for my work (Windows Server). On my first installation of Mageia 9 (in 2024), I was able to successfully configure my VPN using networkmanager-l2tp, xl2tpd, and strongswan packages.
After not using Mageia for a while, I reinstalled it. I was unable to connect to the VPN again. I can access it without any issues on Arch or Debian.
Could you help me?
Using nm-applet, the notification says: "Connection fails"
On the terminal:
Code:
$ nmcli --ask c up VPN_NAME
Error: Connection activation failed: Unknown reason
aleximon
 
Posts: 7
Joined: Sep 9th, '17, 13:16
Location: Rosario, Argentina

Re: L2TP IPSEC VPN fails to connect

Postby doktor5000 » Jun 23rd, '25, 17:02

Hi there,
you should at least post journalctl logs from networkmanager and ipsec for the timeframe where you tried the connection. As root:
Code:
journalctl -ab -u NetworkManager.service -n 750
journalctl -ab -u ipsec.service -n 750


Also see an earlier thread about this: https://forums.mageia.org/en/viewtopic.php?f=25&t=13555
doktor5000
 
Posts: 18055
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: L2TP IPSEC VPN fails to connect

Postby aleximon » Jun 23rd, '25, 21:15

I'm using XFCE desktop and strongswan
Code:
$ journalctl -ab -u NetworkManager.service -n 750
[...]
jun 23 15:04:56 mageia NetworkManager[860]: <info>  [1750701896.0955] manager: startup complete
jun 23 15:04:56 mageia NetworkManager[860]: <info>  [1750701896.0955] modem-manager: ModemManager now available
jun 23 15:04:56 mageia NetworkManager[860]: <info>  [1750701896.9814] dhcp6 (wlo1): activation: beginning transaction (timeout in 45 seconds)
jun 23 15:04:56 mageia NetworkManager[860]: <info>  [1750701896.9826] policy: set 'System -Wifi-Network-Name- (wlo1)' (wlo1) as default for IPv6 routing and DNS
jun 23 15:04:57 mageia NetworkManager[860]: <info>  [1750701897.1096] dhcp6 (wlo1): state changed new lease
jun 23 15:05:17 mageia NetworkManager[860]: <info>  [1750701917.2603] agent-manager: agent[21cc72d588169bf9,:1.31/org.freedesktop.nm-applet/1000]: agent registered
jun 23 15:07:52 mageia NetworkManager[860]: <info>  [1750702072.0739] vpn[0x1567110,3faa54db-ccff-41c0-9d9e-af1b22e96dd1,"VPN-NAME"]: starting l2tp
jun 23 15:07:52 mageia NetworkManager[860]: <info>  [1750702072.0744] audit: op="connection-activate" uuid="3faa54db-ccff-41c0-9d9e-af1b22e96dd1" name="VPN-NAME" pid=1404 uid=1000 result="success"
jun 23 15:07:52 mageia nm-l2tp-service[2370]: Check port 1701
jun 23 15:07:52 mageia NetworkManager[2384]: Stopping strongSwan IPsec failed: starter is not running
jun 23 15:07:54 mageia NetworkManager[2381]: Starting strongSwan 5.9.14 IPsec [starter]...
jun 23 15:07:54 mageia NetworkManager[2381]: Loading config setup
jun 23 15:07:54 mageia NetworkManager[2381]: Loading conn '3faa54db-ccff-41c0-9d9e-af1b22e96dd1'
jun 23 15:07:54 mageia ipsec_starter[2381]: Starting strongSwan 5.9.14 IPsec [starter]...
jun 23 15:07:54 mageia ipsec_starter[2381]: Loading config setup
jun 23 15:07:54 mageia ipsec_starter[2381]: Loading conn '3faa54db-ccff-41c0-9d9e-af1b22e96dd1'
jun 23 15:07:54 mageia ipsec_starter[2393]: Attempting to start charon...
jun 23 15:07:54 mageia charon[2394]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.14, Linux 6.6.93-desktop-1.mga9, x86_64)
jun 23 15:07:54 mageia charon[2394]: 00[CFG] PKCS11 module '<name>' lacks library path
jun 23 15:07:54 mageia charon[2394]: 00[LIB] providers loaded by OpenSSL: legacy default
jun 23 15:07:55 mageia charon[2394]: 00[LIB] created TUN device: ipsec0
jun 23 15:07:55 mageia NetworkManager[860]: <info>  [1750702075.1044] manager: (ipsec0): new Tun device (/org/freedesktop/NetworkManager/Devices/4)
jun 23 15:07:55 mageia charon[2394]: 00[CFG] install DNS servers in '/etc/strongswan/resolv.conf'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loading secrets from '/etc/strongswan/ipsec.d/ipsec.nm-l2tp.secrets'
jun 23 15:07:55 mageia charon[2394]: 00[CFG]   loaded IKE secret for %any
jun 23 15:07:55 mageia charon[2394]: 00[CFG] opening triplet file /etc/strongswan/ipsec.d/triplets.dat failed: No such file or directory
jun 23 15:07:55 mageia charon[2394]: 00[CFG] loaded 0 RADIUS server configurations
jun 23 15:07:55 mageia charon[2394]: 00[TNC] MAP server certificate not defined
jun 23 15:07:55 mageia charon[2394]: 00[TNC] TNC recommendation policy is 'default'
jun 23 15:07:55 mageia charon[2394]: 00[TNC] loading IMVs from '/etc/tnc_config'
jun 23 15:07:55 mageia charon[2394]: 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
jun 23 15:07:55 mageia charon[2394]: 00[CFG] missing PDP server name, PDP disabled
jun 23 15:07:55 mageia charon[2394]: 00[TNC] loading IMCs from '/etc/tnc_config'
jun 23 15:07:55 mageia charon[2394]: 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
jun 23 15:07:55 mageia charon[2394]: 00[CFG] HA config misses local/remote address
jun 23 15:07:55 mageia charon[2394]: 00[CFG] no script for ext-auth script defined, disabled
jun 23 15:07:55 mageia charon[2394]: 00[CFG] no threshold configured for systime-fix, disabled
jun 23 15:07:55 mageia charon[2394]: 00[LIB] loaded plugins: charon ldap pkcs11 tpm aesni aes des rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf gmp curve25519 chapoly xcbc cmac hmac kdf gcm drbg curl soup sqlite attr kernel-libipsec kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp led duplicheck unity counters
jun 23 15:07:55 mageia charon[2394]: 00[LIB] dropped capabilities, running as uid 0, gid 0
jun 23 15:07:55 mageia charon[2394]: 00[JOB] spawning 16 worker threads
jun 23 15:07:55 mageia ipsec_starter[2393]: charon (2394) started after 460 ms
jun 23 15:07:55 mageia charon[2394]: 10[CFG] received stroke: add connection '3faa54db-ccff-41c0-9d9e-af1b22e96dd1'
jun 23 15:07:55 mageia charon[2394]: 10[CFG] added configuration '3faa54db-ccff-41c0-9d9e-af1b22e96dd1'
jun 23 15:07:55 mageia charon[2394]: 11[CFG] rereading secrets
jun 23 15:07:55 mageia charon[2394]: 11[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
jun 23 15:07:55 mageia charon[2394]: 11[CFG] loading secrets from '/etc/strongswan/ipsec.d/ipsec.nm-l2tp.secrets'
jun 23 15:07:55 mageia charon[2394]: 11[CFG]   loaded IKE secret for %any
jun 23 15:07:55 mageia charon[2394]: 13[CFG] received stroke: initiate '3faa54db-ccff-41c0-9d9e-af1b22e96dd1'
jun 23 15:07:55 mageia charon[2394]: 15[IKE] initiating Main Mode IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] to 200.3.123.1
jun 23 15:07:55 mageia charon[2394]: 15[IKE] initiating Main Mode IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] to 200.3.123.1
jun 23 15:07:55 mageia charon[2394]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ]
jun 23 15:07:55 mageia charon[2394]: 15[NET] sending packet: from 192.168.1.35[500] to 200.3.123.1[500] (532 bytes)
jun 23 15:07:55 mageia charon[2394]: 01[NET] received packet: from 200.3.123.1[500] to 192.168.1.35[500] (160 bytes)
jun 23 15:07:55 mageia charon[2394]: 01[ENC] parsed ID_PROT response 0 [ SA V V V V ]
jun 23 15:07:55 mageia charon[2394]: 01[IKE] received NAT-T (RFC 3947) vendor ID
jun 23 15:07:55 mageia charon[2394]: 01[IKE] received XAuth vendor ID
jun 23 15:07:55 mageia charon[2394]: 01[IKE] received DPD vendor ID
jun 23 15:07:55 mageia charon[2394]: 01[IKE] received FRAGMENTATION vendor ID
jun 23 15:07:55 mageia charon[2394]: 01[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
jun 23 15:07:55 mageia charon[2394]: 01[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
jun 23 15:07:55 mageia charon[2394]: 01[NET] sending packet: from 192.168.1.35[500] to 200.3.123.1[500] (244 bytes)
jun 23 15:07:55 mageia charon[2394]: 09[NET] received packet: from 200.3.123.1[500] to 192.168.1.35[500] (236 bytes)
jun 23 15:07:55 mageia charon[2394]: 09[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
jun 23 15:07:55 mageia charon[2394]: 09[IKE] local host is behind NAT, sending keep alives
jun 23 15:07:55 mageia charon[2394]: 09[ENC] generating ID_PROT request 0 [ ID HASH ]
jun 23 15:07:55 mageia charon[2394]: 09[NET] sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (76 bytes)
jun 23 15:07:55 mageia charon[2394]: 10[NET] received packet: from 200.3.123.1[4500] to 192.168.1.35[4500] (76 bytes)
jun 23 15:07:55 mageia charon[2394]: 10[ENC] parsed ID_PROT response 0 [ ID HASH ]
jun 23 15:07:55 mageia charon[2394]: 10[IKE] IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] established between 192.168.1.35[192.168.1.35]...200.3.123.1[200.3.123.1]
jun 23 15:07:55 mageia charon[2394]: 10[IKE] IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] established between 192.168.1.35[192.168.1.35]...200.3.123.1[200.3.123.1]
jun 23 15:07:55 mageia charon[2394]: 10[IKE] scheduling reauthentication in 9836s
jun 23 15:07:55 mageia charon[2394]: 10[IKE] maximum IKE_SA lifetime 10376s
jun 23 15:07:55 mageia charon[2394]: 10[ENC] generating QUICK_MODE request 2415001439 [ HASH SA No ID ID NAT-OA NAT-OA ]
jun 23 15:07:55 mageia charon[2394]: 10[NET] sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (252 bytes)
jun 23 15:07:55 mageia charon[2394]: 12[NET] received packet: from 200.3.123.1[4500] to 192.168.1.35[4500] (188 bytes)
jun 23 15:07:55 mageia charon[2394]: 12[ENC] parsed QUICK_MODE response 2415001439 [ HASH SA No ID ID NAT-OA NAT-OA ]
jun 23 15:07:55 mageia charon[2394]: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
jun 23 15:07:55 mageia charon[2394]: 12[ESP]   IPsec SA: unsupported mode
jun 23 15:07:55 mageia charon[2394]: 12[ESP] failed to create SAD entry
jun 23 15:07:55 mageia NetworkManager[2428]: initiating Main Mode IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] to 200.3.123.1
jun 23 15:07:55 mageia NetworkManager[2428]: generating ID_PROT request 0 [ SA V V V V V ]
jun 23 15:07:55 mageia NetworkManager[2428]: sending packet: from 192.168.1.35[500] to 200.3.123.1[500] (532 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: received packet: from 200.3.123.1[500] to 192.168.1.35[500] (160 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: parsed ID_PROT response 0 [ SA V V V V ]
jun 23 15:07:55 mageia NetworkManager[2428]: received NAT-T (RFC 3947) vendor ID
jun 23 15:07:55 mageia NetworkManager[2428]: received XAuth vendor ID
jun 23 15:07:55 mageia NetworkManager[2428]: received DPD vendor ID
jun 23 15:07:55 mageia NetworkManager[2428]: received FRAGMENTATION vendor ID
jun 23 15:07:55 mageia NetworkManager[2428]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
jun 23 15:07:55 mageia NetworkManager[2428]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
jun 23 15:07:55 mageia NetworkManager[2428]: sending packet: from 192.168.1.35[500] to 200.3.123.1[500] (244 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: received packet: from 200.3.123.1[500] to 192.168.1.35[500] (236 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
jun 23 15:07:55 mageia NetworkManager[2428]: local host is behind NAT, sending keep alives
jun 23 15:07:55 mageia NetworkManager[2428]: generating ID_PROT request 0 [ ID HASH ]
jun 23 15:07:55 mageia NetworkManager[2428]: sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (76 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: received packet: from 200.3.123.1[4500] to 192.168.1.35[4500] (76 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: parsed ID_PROT response 0 [ ID HASH ]
jun 23 15:07:55 mageia NetworkManager[2428]: IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] established between 192.168.1.35[192.168.1.35]...200.3.123.1[200.3.123.1]
jun 23 15:07:55 mageia NetworkManager[2428]: scheduling reauthentication in 9836s
jun 23 15:07:55 mageia NetworkManager[2428]: maximum IKE_SA lifetime 10376s
jun 23 15:07:55 mageia NetworkManager[2428]: generating QUICK_MODE request 2415001439 [ HASH SA No ID ID NAT-OA NAT-OA ]
jun 23 15:07:55 mageia NetworkManager[2428]: sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (252 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: received packet: from 200.3.123.1[4500] to 192.168.1.35[4500] (188 bytes)
jun 23 15:07:55 mageia NetworkManager[2428]: parsed QUICK_MODE response 2415001439 [ HASH SA No ID ID NAT-OA NAT-OA ]
jun 23 15:07:55 mageia NetworkManager[2428]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
jun 23 15:07:55 mageia NetworkManager[2428]:   IPsec SA: unsupported mode
jun 23 15:07:55 mageia NetworkManager[2428]: failed to create SAD entry
jun 23 15:07:55 mageia NetworkManager[2428]:   IPsec SA: unsupported mode
jun 23 15:07:55 mageia NetworkManager[2428]: failed to create SAD entry
jun 23 15:07:55 mageia NetworkManager[2428]: unable to install inbound and outbound IPsec SA (SAD) in kernel
jun 23 15:07:55 mageia NetworkManager[2428]: establishing connection '3faa54db-ccff-41c0-9d9e-af1b22e96dd1' failed
jun 23 15:07:55 mageia charon[2394]: 12[ESP]   IPsec SA: unsupported mode
jun 23 15:07:55 mageia charon[2394]: 12[ESP] failed to create SAD entry
jun 23 15:07:55 mageia charon[2394]: 12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
jun 23 15:07:55 mageia charon[2394]: 12[ENC] generating INFORMATIONAL_V1 request 381548582 [ HASH N(NO_PROP) ]
jun 23 15:07:55 mageia charon[2394]: 12[NET] sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (76 bytes)
jun 23 15:07:56 mageia NetworkManager[2434]: Stopping strongSwan IPsec...
jun 23 15:07:56 mageia charon[2394]: 00[DMN] SIGINT received, shutting down
jun 23 15:07:56 mageia charon[2394]: 00[IKE] deleting IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] between 192.168.1.35[192.168.1.35]...200.3.123.1[200.3.123.1]
jun 23 15:07:56 mageia charon[2394]: 00[IKE] deleting IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1] between 192.168.1.35[192.168.1.35]...200.3.123.1[200.3.123.1]
jun 23 15:07:56 mageia charon[2394]: 00[IKE] sending DELETE for IKE_SA 3faa54db-ccff-41c0-9d9e-af1b22e96dd1[1]
jun 23 15:07:56 mageia charon[2394]: 00[ENC] generating INFORMATIONAL_V1 request 3060517025 [ HASH D ]
jun 23 15:07:56 mageia charon[2394]: 00[NET] sending packet: from 192.168.1.35[4500] to 200.3.123.1[4500] (92 bytes)
jun 23 15:07:56 mageia ipsec_starter[2393]: child 2394 (charon) has quit (exit code 0)
jun 23 15:07:56 mageia ipsec_starter[2393]:
jun 23 15:07:56 mageia ipsec_starter[2393]: charon stopped after 200 ms
jun 23 15:07:56 mageia ipsec_starter[2393]: ipsec starter stopped
jun 23 15:07:56 mageia nm-l2tp-service[2370]: Could not establish IPsec connection.
jun 23 15:07:56 mageia nm-l2tp-service[2370]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed


And:
Code:
$ journalctl -ab -u ipsec.service -n 750
-- No entries --


Thanks for your reply!
aleximon
 
Posts: 7
Joined: Sep 9th, '17, 13:16
Location: Rosario, Argentina
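
Added example (not part of the thread, and not NetworkManager-l2tp or strongSwan code): a small triage script for a journal excerpt like the one posted above. It reports the last negotiation milestone charon reached, the selected proposals, which kernel-* plugins were loaded, and the distinct SA-install errors. The sample lines are constructed in the same format, with a made-up connection name and documentation addresses.

```python
import re

# Constructed sample: charon lines in the journal format posted above,
# trimmed; addresses are documentation ranges and the conn name is made up.
SAMPLE = """\
jun 23 15:07:55 mageia charon[2394]: 00[LIB] created TUN device: ipsec0
jun 23 15:07:55 mageia charon[2394]: 00[LIB] loaded plugins: charon aes sha1 kernel-libipsec kernel-netlink socket-default stroke
jun 23 15:07:55 mageia charon[2394]: 01[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
jun 23 15:07:55 mageia charon[2394]: 10[IKE] IKE_SA demo[1] established between 192.0.2.10[192.0.2.10]...198.51.100.1[198.51.100.1]
jun 23 15:07:55 mageia charon[2394]: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
jun 23 15:07:55 mageia charon[2394]: 12[ESP]   IPsec SA: unsupported mode
jun 23 15:07:55 mageia charon[2394]: 12[ESP] failed to create SAD entry
jun 23 15:07:55 mageia charon[2394]: 12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
jun 23 15:07:55 mageia NetworkManager[2428]: failed to create SAD entry
"""

CHARON = re.compile(r"charon\[\d+\]: \d+\[(\w+)\]\s+(.*)$")
# Negotiation milestones in the order charon logs them.
STAGES = [
    ("ike_proposal", re.compile(r"^selected proposal: IKE:(\S+)")),
    ("ike_sa_established", re.compile(r"^IKE_SA \S+ established between")),
    ("esp_proposal", re.compile(r"^selected proposal: ESP:(\S+)")),
    ("child_sa_established", re.compile(r"^CHILD_SA \S+ established")),
]
FAILURE = re.compile(r"unsupported mode|failed to create SAD entry|unable to install .* IPsec SA")

def triage(journal_text):
    """Return the last milestone reached, proposals, kernel backends and errors."""
    report = {"stage": None, "proposals": {}, "kernel_plugins": [], "errors": []}
    for line in journal_text.splitlines():
        m = CHARON.search(line)
        if not m:                      # skip NetworkManager's echo of the same messages
            continue
        group, msg = m.groups()
        if msg.startswith("loaded plugins:"):
            report["kernel_plugins"] = [p for p in msg.split() if p.startswith("kernel-")]
        for name, pattern in STAGES:
            hit = pattern.search(msg)
            if hit:
                report["stage"] = name
                if hit.groups():       # only the proposal patterns capture a value
                    report["proposals"][name] = hit.group(1)
        entry = f"[{group}] {msg}"
        if FAILURE.search(msg) and entry not in report["errors"]:
            report["errors"].append(entry)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For a log shaped like the one posted above, the report stops at `esp_proposal` with both `kernel-libipsec` and `kernel-netlink` loaded. kernel-libipsec is strongSwan's userland ESP backend and handles tunnel mode only, while L2TP/IPsec uses transport mode, so that plugin is worth checking first.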

